/*
 * Copyright 2006 Google Inc.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.google.gwt.user.server.rpc;

import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.client.rpc.SerializationStream;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.zip.GZIPOutputStream;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * The servlet base class for your RPC service implementations that
 * automatically deserializes incoming requests from the client and serializes
 * outgoing responses for client/server RPCs.
 */
public class RemoteServiceServlet extends HttpServlet {

  /**
   * @skip
   */
  public interface CallResponse {
    void onDeclaredExceptionThrown(Throwable e);

    void onUnexpectedExceptionThrown(Throwable e);

    void onNormalResult(String responsePayload);
  }

  private static final String ACCEPT_ENCODING = "Accept-Encoding";
  private static final String CHARSET_UTF8 = "UTF-8";

  /**
   * These members are used to get and set the different HttpServletResponse and
   * HttpServletRequest headers.
   */
  private static final String CONTENT_ENCODING = "Content-Encoding";
  private static final String CONTENT_ENCODING_GZIP = "gzip";
  private static final String CONTENT_TYPE = "Content-Type";
  private static final String CONTENT_TYPE_TEXT_PLAIN_UTF8 = "text/plain; charset=utf-8";

  private static final String GENERIC_FAILURE_MSG = "The call failed on the server; see server log for details";

  private static final HashMap TYPE_NAMES;

  /**
   * Controls the compression threshold at and below which no compression will
   * take place.
   */
  private static final int UNCOMPRESSED_BYTE_SIZE_LIMIT = 256;

  /**
   * Find the invoked method on either the specified interface or any super.
   */
  private static Method findInterfaceMethod(Class intf, String methodName,
      Class[] paramTypes, boolean includeInherited) {
    try {
      return intf.getDeclaredMethod(methodName, paramTypes);
    } catch (NoSuchMethodException e) {
      if (includeInherited) {
        Class[] superintfs = intf.getInterfaces();
        for (int i = 0; i < superintfs.length; i++) {
          Method method = findInterfaceMethod(superintfs[i], methodName,
            paramTypes, true);
          if (method != null)
            return method;
        }
      }

      return null;
    }
  }

  /**
   * Return true if the response object accepts Gzip encoding. This is done by
   * checking that the accept-encoding header specifies gzip as a supported
   * encoding.
   */
  private static boolean acceptsGzipEncoding(HttpServletRequest request) {
    assert (request != null);

    String acceptEncoding = request.getHeader(ACCEPT_ENCODING);
    if (null == acceptEncoding) {
      return false;
    }

    return (acceptEncoding.indexOf(CONTENT_ENCODING_GZIP) != -1);
  }

  /**
   * This method attempts to estimate the number of bytes that a string will
   * consume when it is sent out as part of an HttpServletResponse.
   * 
   * This really a hack since we are assuming that every character will consume
   * two bytes upon transmission. This is definitely not true since some
   * characters actually consume more than two bytes and some consume less. This
   * is even less accurate if the string is converted to UTF8. However, it does
   * save us from converting every string that we plan on sending back to UTF8
   * just to determine that we should not compress it.
   */
  private static int estimateByteSize(final String buffer) {
    return (buffer.length() * 2);
  }

  private Class getClassFromName(String name) throws ClassNotFoundException {
    Object value = TYPE_NAMES.get(name);
    if (value != null) {
      return (Class) value;
    }

    return Class.forName(name, false, this.getClass().getClassLoader());
  }

  /**
   * This method returns true if the response to the http request should be
   * compressed. This is done if the request accepts GZIP and the response
   * string's estimated byte length is longer than 128 bytes.
   */
  private static boolean shouldCompress(final HttpServletRequest request,
      final String buffer) {

    if (acceptsGzipEncoding(request)) {
      return estimateByteSize(buffer) > UNCOMPRESSED_BYTE_SIZE_LIMIT;
    }

    return false;
  }

  /**
   * The default constructor.
   * 
   * @skip
   */
  public RemoteServiceServlet() {
    serializableTypeOracle = new ServerSerializableTypeOracleImpl(
      getPackagePaths());
  }

  /**
   * This is called internally.
   * 
   * @skip
   */
  public void doPost(HttpServletRequest request,
      HttpServletResponse response) throws IOException, ServletException {
    Throwable caught;
    try {
      // Store the request object in thread-local storage.
      //
      perThreadRequest.set(request);

      // Read the request fully.
      //
      String requestPayload = readPayloadAsUtf8(request);

      // Invoke the core dispatching logic, which returns the serialized
      // result.
      //
      String responsePayload = processCall(requestPayload);

      // Write the response.
      //
      writeResponse(request, response, responsePayload);

      return;

    } catch (IOException e) {
      caught = e;
    } catch (ServletException e) {
      caught = e;
    } catch (SerializationException e) {
      caught = e;
    } catch (Throwable e) {
      caught = e;
    }

    respondWithFailure(getServletContext(), response, caught);
  }

  /**
   * This is public so that it can be unit tested easily without HTTP.
   * 
   * @skip
   */
  public String processCall(String payload) throws SerializationException {

    // Let subclasses see the serialized request.
    //
    onBeforeRequestDeserialized(payload);

    // Create a stream to deserialize the request.
    //
    ServerSerializationStream stream = new ServerSerializationStream(
      serializableTypeOracle);
    stream.prepareToRead(payload);

    // Read the service interface
    //
    String serviceIntfName = (String) stream.readObject();

    // TODO(mmendez): need to check the signature
    // Verify that this very servlet implements the specified interface name.
    //
    if (!isImplementedRemoteServiceInterface(serviceIntfName)) {
      // Bad payload, possible hack attempt.
      //
      throw new SecurityException(
        "Blocked attempt to access interface '"
          + serviceIntfName
          + "', which is either not implemented by this servlet or which doesn't extend RemoteService; this is either misconfiguration or a hack attempt");
    }

    // Actually get the service interface, so that we can query its methods.
    //
    Class serviceIntf;
    try {
      serviceIntf = getClassFromName(serviceIntfName);
    } catch (ClassNotFoundException e) {
      throw new SerializationException("Unknown service interface class '"
        + serviceIntfName + "'", e);
    }

    // Read the method name.
    //
    String methodName = (String) stream.readObject();

    // Read the number and names of the parameter classes from the stream.
    // We have to do this so that we can find the correct overload of the
    // method.
    //
    int paramCount = stream.readInt();
    Class[] paramTypes = new Class[paramCount];
    for (int i = 0; i < paramTypes.length; i++) {
      String paramClassName = (String) stream.readObject();
      try {
        paramTypes[i] = getClassFromName(paramClassName);
      } catch (ClassNotFoundException e) {
        throw new SerializationException("Unknown parameter " + i + " type '"
          + paramClassName + "'", e);
      }
    }

    // For security, make sure the method is found in the service interface
    // and not just one that happens to be defined on this class.
    //
    Method serviceIntfMethod = findInterfaceMethod(serviceIntf, methodName,
      paramTypes, true);

    // If it wasn't found, don't continue.
    //
    if (serviceIntfMethod == null) {
      // Bad payload, possible hack attempt.
      //
      throw new SecurityException("Method '" + methodName
        + "' (or a particular overload) on interface '" + serviceIntfName
        + "' was not found, this is either misconfiguration or a hack attempt");
    }

    // Deserialize the parameters.
    //
    Object[] args = new Object[paramCount];
    for (int i = 0; i < args.length; i++) {
      args[i] = stream.deserializeValue(paramTypes[i]);
    }

    // Make the call via reflection.
    //
    String responsePayload = GENERIC_FAILURE_MSG;
    Throwable caught = null;
    try {
      Class returnType = serviceIntfMethod.getReturnType();
      Object returnVal = serviceIntfMethod.invoke(getObjectToInvokeServiceIntfMethodOn(), args);
      responsePayload = createResponse(stream, returnType, returnVal, false);
    } catch (IllegalArgumentException e) {
      caught = e;
    } catch (IllegalAccessException e) {
      caught = e;
    } catch (InvocationTargetException e) {
      caught = e;
    }

    if (caught != null) {
      responsePayload = GENERIC_FAILURE_MSG;

      // Be more specific if it's a declared exception.
      //
      if (caught instanceof InvocationTargetException) {
        Throwable cause = ((InvocationTargetException) caught).getCause();
        if (cause != null) {
          if (isExpectedException(serviceIntfMethod, cause)) {
            Class thrownClass = cause.getClass();
            responsePayload = createResponse(stream, thrownClass, cause, true);
          }
        }
      }
    }

    // Let subclasses see the serialized response.
    //
    onAfterResponseSerialized(responsePayload);

    return responsePayload;
  }
  
  /**
   * Needed to override the service implementor target 
   * @return the target object to invoked the service on
   * 
   * @author Ashin Wimalajeewa (ash) **HACK**
   */
  protected Object getObjectToInvokeServiceIntfMethodOn() {
	  return this;
  }

  /**
   * Computes all the possible types that could be needed to resolve the
   * overload of a given method on the specified interface. Used for security
   * checks.
   */
  private Set computeAllowedTypesForMethodOverload(Class serviceIntf,
      String methodName) {
    Method[] methods = serviceIntf.getMethods();
    Set allParamTypes = new HashSet();
    for (int i = 0; i < methods.length; i++) {
      Method method = methods[i];
      if (method.getName().equals(methodName)) {
        Class[] paramTypes = method.getParameterTypes();
        for (int j = 0; j < paramTypes.length; j++) {
          Class paramType = paramTypes[j];
          allParamTypes.add(paramType);
        }
      }
    }
    return allParamTypes;
  }

  /**
   * Used to determine whether the specified interface name is implemented by
   * this class without loading the class (for security).
   * 
   * Notes:
   * ash 2005.07.24 - needed to make this method protected for overriding purposes **HACK**
   */
  protected boolean isImplementedRemoteServiceInterface(String intfName) {
    synchronized (knownImplementedInterfaces) {
      // See if it's cached.
      //
      if (knownImplementedInterfaces.contains(intfName)) {
        return true;
      }

      // Unknown, so walk up the interface hierarchy and check each.
      //
      Class[] intfs = getClass().getInterfaces();
      for (int i = 0; i < intfs.length; i++) {
        Class intf = intfs[i];
        if (isImplementedRemoteServiceInterfaceRecursive(intfName, intf)) {
          knownImplementedInterfaces.add(intfName);
          return true;
        }
      }
      return false;
    }
  }

  /**
   * Only called from isImplementedInterface().
   */
  private boolean isImplementedRemoteServiceInterfaceRecursive(String intfName,
      Class intfToCheck) {
    assert (intfToCheck.isInterface());

    if (intfToCheck.getName().equals(intfName)) {
      // The name is right, but we also verify that it is assignable to
      // RemoteService.
      // 
      if (RemoteService.class.isAssignableFrom(intfToCheck)) {
        return true;
      } else {
        return false;
      }
    }

    Class[] intfs = intfToCheck.getInterfaces();
    for (int i = 0; i < intfs.length; i++) {
      Class intf = intfs[i];
      if (isImplementedRemoteServiceInterfaceRecursive(intfName, intf)) {
        return true;
      }
    }

    return false;
  }

  /**
   * Gets the <code>HttpServletRequest</code> object for the current call. It
   * is stored thread-locally so that simultaneous invocations can have
   * different request objects.
   */
  protected HttpServletRequest getThreadLocalRequest() {
    return (HttpServletRequest) perThreadRequest.get();
  }

  /**
   * Override this method to examine the serialized response that will be
   * returned to the client. The default implementation does nothing and need
   * not be called by subclasses.
   */
  protected void onAfterResponseSerialized(String serializedResponse) {
  }

  /**
   * Override this method to examine the serialized version of the request
   * payload before it is deserialized into objects. The default implementation
   * does nothing and need not be called by subclasses.
   */
  protected void onBeforeRequestDeserialized(String serializedRequest) {
  }

  /**
   * Obtain the special package-prefixes we use to check for custom serializers
   * that would like to live in a package that they cannot. For example,
   * "java.util.ArrayList" is in a sealed package, so instead we use this prefix
   * to check for a custom serializer in
   * "com.google.gwt.user.client.rpc.core.java.util.ArrayList". Right now, it's
   * hard-coded because we don't have a pressing need for this mechanism to be
   * extensible, but it is imaginable, which is why it's implemented this way.
   */
  private String[] getPackagePaths() {
    return new String[]{"com.google.gwt.user.client.rpc.core"};
  }

  /**
   * Returns true if the {@link java.lang.reflect.Method Method} definition on
   * the service is specified to throw the exception contained in the
   * InvocationTargetException or false otherwise.
   * 
   * NOTE we do not check that the type is serializable here. We assume that it
   * must be otherwise the application would never have been allowed to run.
   * 
   * @param serviceIntfMethod
   * @param e
   * @return
   */
  private boolean isExpectedException(Method serviceIntfMethod, Throwable cause) {
    assert (serviceIntfMethod != null);
    assert (cause != null);

    Class[] exceptionsThrown = serviceIntfMethod.getExceptionTypes();
    if (exceptionsThrown.length <= 0) {
      // The method is not specified to throw any exceptions
      //
      return false;
    }

    Class causeType = cause.getClass();

    for (int index = 0; index < exceptionsThrown.length; ++index) {
      Class exceptionThrown = exceptionsThrown[index];
      assert (exceptionThrown != null);

      if (exceptionThrown.isAssignableFrom(causeType)) {
        return true;
      }
    }

    return false;
  }

  private String readPayloadAsUtf8(HttpServletRequest request)
      throws IOException, ServletException {
    int contentLength = request.getContentLength();
    if (contentLength == -1) {
      // Content length must be known.
      throw new ServletException("Content-Length must be specified");
    }

    String contentType = request.getContentType();
    boolean contentTypeIsOkay = false;
    // Content-Type must be specified.
    if (contentType != null) {
      // The type must be plain text.
      if (contentType.startsWith("text/plain")) {
        // And it must be UTF-8 encoded (or unspecified, in which case we assume
        // that it's either UTF-8 or ASCII).
        if (contentType.indexOf("charset=") == -1)
          contentTypeIsOkay = true;
        else if (contentType.indexOf("charset=utf-8") != -1)
          contentTypeIsOkay = true;
      }
    }
    if (!contentTypeIsOkay)
      throw new ServletException(
        "Content-Type must be 'text/plain' with 'charset=utf-8' (or unspecified charset)");

    InputStream in = request.getInputStream();
    try {
      byte[] payload = new byte[contentLength];
      int offset = 0;
      int len = contentLength;
      int byteCount;
      while (offset < contentLength) {
        byteCount = in.read(payload, offset, len);
        if (byteCount == -1)
          throw new ServletException("Client did not send " + contentLength
            + " bytes as expected");
        offset += byteCount;
        len -= byteCount;
      }
      return new String(payload, "UTF-8");
    } finally {
      if (in != null) {
        in.close();
      }
    }
  }

  /**
   * Called when the machinery of this class itself has a problem, rather than
   * the invoked third-party method. It writes a simple 500 message back to the
   * client.
   */
  static public void respondWithFailure(ServletContext servletContext, HttpServletResponse response, Throwable caught) {
    servletContext.log("Exception while dispatching incoming RPC call", caught);
    try {
      response.setContentType("text/plain");
      response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      String msg = "The call failed on the server; see server log for details";
      response.getWriter().write(msg);
    } catch (IOException e) {
      servletContext.log(
        "sendError() failed while sending the previous failure to the client",
        caught);
    }
  }

  private void writeResponse(HttpServletRequest request,
      HttpServletResponse response, String responsePayload) throws IOException {

    byte[] reply = responsePayload.getBytes(CHARSET_UTF8);
    String contentType = CONTENT_TYPE_TEXT_PLAIN_UTF8;
    int contentLength;

    if (shouldCompress(request, responsePayload)) {
      // Compress the reply and adjust headers.
      //
      ByteArrayOutputStream output = null;
      GZIPOutputStream gzipOutputStream = null;
      Throwable caught = null;
      try {
        output = new ByteArrayOutputStream(reply.length);
        gzipOutputStream = new GZIPOutputStream(output);
        gzipOutputStream.write(reply);
        gzipOutputStream.finish();
        gzipOutputStream.flush();
        response.setHeader(CONTENT_ENCODING, CONTENT_ENCODING_GZIP);
        reply = output.toByteArray();
      } catch (UnsupportedEncodingException e) {
        caught = e;
      } catch (IOException e) {
        caught = e;
      } finally {
        if (null != gzipOutputStream) {
          gzipOutputStream.close();
        }
        if (null != output) {
          output.close();
        }
      }

      if (caught != null) {
        getServletContext().log("Unable to compress response", caught);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
      }
    }

    // Send the reply.
    //
    response.setContentLength(reply.length);
    response.setContentType(contentType);
    response.getOutputStream().write(reply);
    response.setStatus(HttpServletResponse.SC_OK);
  }

  /**
   * @param stream
   * @param responseType
   * @param responseObj
   * @param isException
   * @return
   */
  private String createResponse(ServerSerializationStream stream,
      Class responseType, Object responseObj, boolean isException) {
    stream.prepareToWrite();
    stream.writeInt(SerializationStream.SERIALIZATION_STREAM_VERSION);
    stream.writeInt(stream.getFlags());
    if (responseType != void.class) {
      try {
        stream.serializeValue(responseObj, responseType);
      } catch (SerializationException e) {
        responseObj = e;
        isException = true;
      }
    }

    String bufferStr = (isException ? "{EX}" : "{OK}") + stream.toString();
    return bufferStr;
  }

  static {
    TYPE_NAMES = new HashMap();
    TYPE_NAMES.put("Z", boolean.class);
    TYPE_NAMES.put("B", byte.class);
    TYPE_NAMES.put("C", char.class);
    TYPE_NAMES.put("D", double.class);
    TYPE_NAMES.put("F", float.class);
    TYPE_NAMES.put("I", int.class);
    TYPE_NAMES.put("J", long.class);
    TYPE_NAMES.put("S", short.class);
  }

  private final ThreadLocal perThreadRequest = new ThreadLocal();
  private final ServerSerializableTypeOracle serializableTypeOracle;
  private final Set knownImplementedInterfaces = new HashSet();
}
